blob: e333dc0d2432ecae76c50e6831d59d580e861931 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
#!/usr/bin/tclsh
# -*- coding: cp1251 -*-
# создание секретного ключа
# создание заявки и самоподписанного сертификата командой req
# проверка OIDов алгоритма во всех структурах
lappend auto_path [file dirname [info script]]
package require ossltest
cd $::test::dir
start_tests "Создание ключей и заявок, команда genpkey"
if {[info exists env(ALG_LIST)]} {
set alg_list $env(ALG_LIST)
} else {
switch -exact [engine_name] {
"ccore" {set alg_list {gost2001:A gost2001:B gost2001:C gost2001:XA gost2001:XB gost2012_256:A gost2012_256:B gost2012_256:C gost2012_256:XA gost2012_256:XB gost2012_512:A gost2012_512:B}}
"open" {set alg_list {gost2001:A gost2001:B gost2001:C gost2001:XA gost2001:XB gost2012_256:0 gost2012_256:A gost2012_256:B gost2012_256:C gost2012_256:XA gost2012_256:XB gost2012_512:A gost2012_512:B}}
}
}
foreach alg $alg_list {
set alg_fn [string map {":" "_"} $alg]
set username pkey_$alg_fn
foreach {alg_only params} [split $alg :] break
test -createsfiles $username/seckey.pem "Секретный ключ, алгоритм $alg" {
file delete -force $username
file mkdir $username
openssl "genpkey -algorithm $alg_only -pkeyopt paramset:$params -out $username/seckey.pem"
expr {[file size $username/seckey.pem] > 0}
} 0 1
test -skip {![file exists $username/seckey.pem]} "OID в секретном ключе" {
extract_oids $username/seckey.pem
} 0 [mkObjList [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]]]
test -skip {![file exists $username/seckey.pem]} "Алгоритм $alg, заявка по секретному ключу" {
makeFile $username/req.conf [makeConf]
openssl "req -new -config $username/req.conf -key $username/seckey.pem -out $username/req.pem"
expr {[file size $username/req.pem] > 0}
} 0 1
test -skip {![file exists $username/req.pem]} "Подпись под заявкой корректна" {
grep "verif" [openssl "req -verify -in $username/req.pem"]
} 0 {verify OK
}
test -skip {![file exists $username/req.pem]} "OID в заявке, алгоритм $alg" {
extract_oids $username/req.pem
} 0 [mkObjList [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $alg]]
test -skip {![file exists $username/seckey.pem]} "Алгоритм $alg, сертификат по секретному ключу" {
openssl "req -new -x509 -config $username/req.conf -key $username/seckey.pem -out $username/cert.pem"
expr {[file size $username/cert.pem] > 0}
} 0 1
test -skip {![file exists $username/cert.pem]} "OID в сертификате" {
extract_oids $username/cert.pem
} 0 [mkObjList [hash_with_sign_long_name $alg] [alg_long_name $alg] [pubkey_long_name $alg]\
[param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $alg]]
test -createsfiles "$username/seckey.der" "Алгоритм $alg сохраняем ключ в DER-формате" {
openssl "genpkey -algorithm $alg_only -pkeyopt paramset:$params -out $username/seckey.der -outform DER"
file exists $username/seckey.der
} 0 1
test -skip {![file exists $username/seckey.der]} "OID в секретном ключе $alg DER" {
extract_oids $username/seckey.der DER
} 0 [mkObjList [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]]]
test -skip {![file exists $username/seckey.der]} -createsfiles $username/req2.pem "Создаем заявку из ключа в формате DER" {
openssl "req -new -config $username/req.conf -key $username/seckey.der -keyform der -out $username/req2.pem"
expr {[file size $username/req2.pem] > 0}
} 0 1
test -skip {![file exists $username/req2.pem]} "Подпись под заявкой корректна" {
grep "verif" [openssl "req -verify -in $username/req2.pem"]
} 0 {verify OK
}
}
end_tests
|